From d443a493d2749f240562f738f490f1f117b24f9a Mon Sep 17 00:00:00 2001
From: BenjaminNH <1249376374@qq.com>
Date: Mon, 23 Jun 2025 20:06:57 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E9=85=8D=E7=BD=AE=E7=AC=A6=E5=90=88Spr?=
 =?UTF-8?q?ingSecurity=E7=9A=84=E8=B7=A8=E5=9F=9F=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../config/CorsConfig.java                    | 31 +++++++++++++++++++
 .../config/SecurityConfig.java                |  5 ++-
 .../equipreservebackend/config/WebConfig.java | 25 ---------------
 3 files changed, 35 insertions(+), 26 deletions(-)
 create mode 100644 src/main/java/github/benjamin/equipreservebackend/config/CorsConfig.java
 delete mode 100644 src/main/java/github/benjamin/equipreservebackend/config/WebConfig.java

diff --git a/src/main/java/github/benjamin/equipreservebackend/config/CorsConfig.java b/src/main/java/github/benjamin/equipreservebackend/config/CorsConfig.java
new file mode 100644
index 0000000..6d50fe8
--- /dev/null
+++ b/src/main/java/github/benjamin/equipreservebackend/config/CorsConfig.java
@@ -0,0 +1,31 @@
+package github.benjamin.equipreservebackend.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
+
+@Configuration
+public class CorsConfig {
+
+    @Value("${equip-reserve.allowed-origins}")
+    private String allowedOrigins;
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOriginPatterns(List.of(allowedOrigins));
+        config.setAllowCredentials(true);
+        config.addAllowedHeader("*");
+        config.addAllowedMethod("*");
+        config.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return source;
+    }
+}
diff --git a/src/main/java/github/benjamin/equipreservebackend/config/SecurityConfig.java b/src/main/java/github/benjamin/equipreservebackend/config/SecurityConfig.java
index 0483177..26b50ab 100644
--- a/src/main/java/github/benjamin/equipreservebackend/config/SecurityConfig.java
+++ b/src/main/java/github/benjamin/equipreservebackend/config/SecurityConfig.java
@@ -6,6 +6,7 @@ import github.benjamin.equipreservebackend.utils.JwtUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -24,7 +25,9 @@ public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
-        return http.csrf(AbstractHttpConfigurer::disable)
+        return http
+                .cors(Customizer.withDefaults())
+                .csrf(AbstractHttpConfigurer::disable)
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/login").permitAll()
diff --git a/src/main/java/github/benjamin/equipreservebackend/config/WebConfig.java b/src/main/java/github/benjamin/equipreservebackend/config/WebConfig.java
deleted file mode 100644
index fae95f5..0000000
--- a/src/main/java/github/benjamin/equipreservebackend/config/WebConfig.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package github.benjamin.equipreservebackend.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
-@Configuration
-public class WebConfig implements WebMvcConfigurer {
-
-    @Override
-    public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        registry.addResourceHandler("/device_image/**")
-                .addResourceLocations("file:" + System.getProperty("user.dir") + "/device_image/");
-    }
-
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("*")
-                .allowedMethods("*")
-                .allowedHeaders("*")
-                .allowCredentials(true);
-    }
-}